<?php

/**
 * Show employee information function
 *
 * Return employee profile information
 *
 * @author Dawid Marciniak <dawidm@gmail.com>
 */
include_once 'UTerrorcode.php';
include_once 'UTcheckAuth.php';
include_once 'UTDBGlobal.php';

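/**
 * Return the employee profile of $targetUser to an authorised caller.
 *
 * The caller is authenticated with checkAuthentication(). The profile is
 * released when the caller asks for their own account, or when the caller's
 * employee record has empStatus 'Manager'.
 *
 * Result layout (same as before):
 *   [0]      status/error code (always present)
 *   [1]      employee row from mysqli_fetch_array() (success only)
 *   [2]      MD5 hex digest of columns 1-9 of that row (success only)
 *   ['hash'] the same digest (success only)
 *
 * Database failures are reported as ErrorCode::sysError and never return a row.
 *
 * @param string $userName   account name of the caller
 * @param string $userPass   caller's password, handed to checkAuthentication()
 * @param string $targetUser account name whose employee record is requested
 * @return array
 */
function showEmployeeInfo($userName, $userPass, $targetUser) {
    global $dbaddress;
    global $dbuser;
    global $dbpassword;
    global $dbdatabasename;

    $output = array();
    $auth = 0;
    $hashMsg = null;
    $conn = false;
    // Deny by default: every path that does not explicitly succeed reports a failure code.
    $error = ErrorCode::authFailRead;

    // NOTE(review): loose comparison kept because checkAuthentication()'s return
    // type is not visible here; switch to === true if it returns a strict bool.
    if (checkAuthentication($userName, $userPass) == true) {
        try {
            $conn = mysqli_connect($dbaddress, $dbuser, $dbpassword, $dbdatabasename);
            if (!$conn) {
                $error = ErrorCode::sysError;
            } else {
                // Account names come from the caller, so they are bound as
                // parameters and never interpolated into the SQL text.
                $target = _showEmployeeInfoLookup(
                    $conn,
                    "SELECT empID FROM paradigmshift_dev.account WHERE accName = ?",
                    $targetUser
                );

                if (!$target['ok']) {
                    $error = ErrorCode::sysError;
                } elseif (!$target['found']) {
                    // NOTE(review): this code is returned before the caller's
                    // authorisation is checked, so any authenticated account can
                    // tell whether $targetUser exists. Kept for compatibility.
                    $error = 300 + ErrorCode::failRead;
                } elseif ((string) $userName === (string) $targetUser) {
                    // Strict comparison: with ==, PHP compares numeric-looking
                    // strings by value ("1e3" == "1000"), which would let one
                    // account pass as another and skip the manager check.
                    $auth = 1;
                } else {
                    // Not the caller's own record: only a manager may read it.
                    $caller = _showEmployeeInfoLookup(
                        $conn,
                        "SELECT empID FROM paradigmshift_dev.account WHERE accName = ?",
                        $userName
                    );
                    if (!$caller['ok']) {
                        $error = ErrorCode::sysError;
                    } elseif ($caller['found']) {
                        $status = _showEmployeeInfoLookup(
                            $conn,
                            "SELECT empStatus FROM paradigmshift_dev.employees WHERE empID = ?",
                            (string) $caller['value']
                        );
                        if (!$status['ok']) {
                            $error = ErrorCode::sysError;
                        } elseif ($status['found'] && $status['value'] === 'Manager') {
                            $auth = 1;
                        }
                    }
                }

                if ($auth == 1) {
                    // The row is fetched with mysqli_query() so column values keep
                    // the string types existing callers (and the digest) rely on;
                    // empID is database-derived and still escaped before use.
                    // NOTE(review): this query names the table `Employees`
                    // (unqualified) while the manager check uses
                    // `paradigmshift_dev.employees`; confirm both resolve to the
                    // same table.
                    $empID = mysqli_real_escape_string($conn, (string) $target['value']);
                    $sql = "SELECT * FROM Employees WHERE empID = '$empID'";
                    $result = mysqli_query($conn, $sql);
                    $outty = $result ? mysqli_fetch_array($result) : null;

                    if (!$result) {
                        // Previously this code was overwritten with successRead.
                        $error = ErrorCode::sysError;
                        $auth = 0;
                    } elseif (!$outty) {
                        // Account exists but has no employee row: report it with
                        // the same "could not read target" code instead of success.
                        $error = 300 + ErrorCode::failRead;
                        $auth = 0;
                    } else {
                        $error = ErrorCode::successRead;

                        $msg = '';
                        for ($i = 1; $i <= 9; $i++) {
                            $msg .= isset($outty[$i]) ? $outty[$i] : '';
                        }
                        // NOTE(review): an unkeyed MD5 digest only detects accidental
                        // corruption; anyone able to alter the row can recompute it.
                        // Left unchanged because consumers verify this exact value;
                        // moving to a keyed MAC (hash_hmac with SHA-256) needs a
                        // coordinated change on the verifying side.
                        $hashMsg = hash('md5', $msg);

                        $output[0] = $outty;
                    }
                }
            }
        } catch (mysqli_sql_exception $e) {
            // mysqli throws instead of returning false when exception reporting
            // is enabled; map that to the same system-error code and drop any
            // partial result.
            $error = ErrorCode::sysError;
            $auth = 0;
            $output = array();
        } finally {
            if ($conn) {
                mysqli_close($conn);
            }
        }
    }

    //append error code to start of code
    array_unshift($output, $error);
    if ($auth == 1) {
        $output[] = $hashMsg;
        $output['hash'] = $hashMsg;
    }
    return $output;
}

/**
 * Run a one-parameter, one-column SELECT as a prepared statement.
 *
 * Uses bind_result/fetch rather than get_result so it does not depend on the
 * mysqlnd driver.
 *
 * @param mysqli $conn  open connection
 * @param string $sql   statement with exactly one `?` placeholder
 * @param string $param value bound to the placeholder as a string
 * @return array 'ok' => false on a database error, 'found' => whether a row
 *               was returned, 'value' => first column of that row
 */
function _showEmployeeInfoLookup($conn, $sql, $param) {
    $outcome = array('ok' => false, 'found' => false, 'value' => null);

    $stmt = mysqli_prepare($conn, $sql);
    if (!$stmt) {
        return $outcome;
    }

    $value = null;
    $ready = mysqli_stmt_bind_param($stmt, 's', $param)
        && mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $value);

    if ($ready) {
        // mysqli_stmt_fetch(): true = row read, null = no rows, false = error.
        $fetched = mysqli_stmt_fetch($stmt);
        if ($fetched !== false) {
            $outcome['ok'] = true;
            $outcome['found'] = ($fetched === true);
            $outcome['value'] = $outcome['found'] ? $value : null;
        }
    }

    mysqli_stmt_close($stmt);
    return $outcome;
}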